Access control is defined at the team level.
Within a team, you can create people and systems and control their access with roles.
Roles apply to two areas of access:
- Team dashboard - available to people via a web browser with an email and password.
- Ledger API - available to people and systems via an SDK with an API credential.
People are human users on your team that can access the team dashboard and Ledger API.
You can invite people to your team by visiting the team dashboard and selecting the "People" tab in the team navigation bar.
You will be asked to provide an email address and assign a role.
The person will receive an email asking them to create an account on your team with an email address and password. They will use these to login to your team dashboard at
Personal API Credentials
People who are devloping applications on top of a ledger can also access the Ledger API from their local machines using Personal API Credentials, which are created in the team dashboard:
- Click the user account menu in the top right of the navigation bar
- Select "Settings"
- Scroll down to the "Personal API Credentials" section
- Click the "New" button
Systems are non-human users on your team — such as your staging and production environments — that can access the Ledger API.
A role is an access control policy that can be assigned to people or systems. A role defines what each can do when accessing the team dashboard or Ledger API.
A role applies to all API credentials created for a person or system.
There are currently three roles during the developer preview:
- Everything in readwrite and readonly, plus
- Can create and edit access controls (people, systems, and roles)
- Everything in readonly, plus
- Can create and edit ledgers
- Can create and edit objects inside ledgers (keys, accounts, and assets)
- Can sign transactions (to transfer and issue assets)
- Can view access controls (people, systems, and roles)
- Can view ledgers
- Can view objects inside ledgers (keys, accounts, and assets)
- Can query ledger data (transactions, contracts, and balances)
Custom roles, including ledger-specific access will be enabled after the developer preview, before production ledgers become available.